Nortel Networks 5530, 5520, 5510 manual Classification, Adding IP and L2 Element, IP Element

Page 40

Filters and QoS Configuration for ERS 5500

 

 

Technical Configuration Guide

v2.0

NN48500-559

11.2 Classification

Classification consists of adding the following items:

Add IP or L2 or both classifier elements

Add a classifier. As mentioned above in the overview section, a classifier can be made up of one of the following items:

o One IP classifier element o One L2 classifier element

o One IP and one L2 classifier element

Optional: Create Classifier Block where a block contains two or more classifier elements. Please see restrictions below.

When adding a new policy, either a classifier or a classifier block can be assigned to the policy. Since there is a limit of 15 classification masks available per port, it is advantageous to use Classifier Blocks whenever possible. Multiple Classifiers can be added to a Classifier Block allowing up to 15 Classifiers and/or Classifier Blocks per port. By using Classifier blocks, up to a total of 114 classifiers can be applied to a port.

a) Adding IP and L2 Element

IP Element

To add an IP element, enter the following command:

ERS5500-48T(config)#qos ip-element <1-64000>?

addr-type ds-field dst-ip dst-port-min

flow-id next-header protocol src-ip src-port-min

<cr>

Specify the address type (IPv4, IPv6) classifier criteria Specify the DSCP classifier criteria

Specify the destination IP classifier criteria

Specify the L4 destination port minimum value classifier criteria

Specify the IPv6 flow identifier classifier criteria Specify the IPv6 next header classifier criteria Specify the IPv4 protocol classifier criteria Specify the source IP classifier criteria

Specify the L4 source port minimum value classifier criteria

Example:

ERS5500-48T(config)#qos ip-element 1 src-ip 10.62.32.0/19 dst-ip 10.13.196.0/22

L2 Element

ERS5500-48T(config)#qos l2-element <1-64000>

dst-mac dst-mac-mask ethertype priority src-mac src-mac-mask vlan-min vlan-tag

<cr>

Specify the destination MAC classifier criteria Specify the destination MAC mask classifier criteria Specify the ethertype classifier criteria

Specify the user priority classifier criteria Specify the source MAC classifier criteria Specify the source MAC mask classifier criteria Specify the Vlan ID minimum value classifier criteria Specify the vlan tag classifier criteria

Example:

ERS5500-48T(config)#qos l2-element 1 src-mac 00-00-0A-00-00-00 src-mac-mask

FF-FF-FF-FF-FF-00 ethertype 0x800

___________________________________________________________________________________________________________________________

Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.

 

External Distribution

39

Image 40
Contents Ethernet Routing Switch NN48500-559 Abstract Table of Contents List of Figures List of TablesDocument Updates SymbolsConventions TextOverview Ethernet Routing Switch 5500 QoS and Filtering Classification Untrusted PortsUnrestricted Ports ƒ Layer 2 Classifier ElementsActions Supported StatisticsQoS Flow Chart Overall Classification Functionality Filter FunctionalityClassifier Block Functionality Port Range Functionality 7, 15, 31, 63 255, 511, 1025 4095, 8191 32762, or Min =Default Policy Drop Action PoliciesNN48500-559 5520-24T-PWRconfig#default qos agent buffer 5520-24T-PWRconfig#qos agent buffer large maximum regularQueue Sets Ethernet Routing Switch 5500 Egress CoS Queuing Egress CoS QueuingCoS 5520-24T-PWRconfig#show qos queue-set-assignment 5520-24T-PWRconfig#qos agent queue set5520-24T-PWRconfig#qos agent reset-default 5520-24T-PWRconfig#default qos agent queue-setEgress Queue Recommendations Traffic Meter and Shaping Bucket SizeActual Bucket Size Policing TrafficActual Bucket Size in Bytes Actual size in bytes Interface Parameter DescriptionExample Meter Bucket Size and Duration Interface ShaperBucket Size Max burst rate Committed rate Duration MSec 5530-24TFDconfig#show qos if-shaper port Default Nortel Class of Service Default Nortel CoS MarkingsBinary Hex DecimalQoS Access Lists ACL ACL ConfigurationIP-ACL Configuration Config#qos ip-acl name 1..16 character string ?2 L2-ACL Configuration ACL-Assign ConfigurationACL Configuration Example Config#qos l2-acl name 1..16 character string ?5530H-24TFD#show qos acl-assign Verification5530H-24TFD#show qos ip-acl 5530H-24TFD#show qos policy 5500config#no qos acl-assign 5500config#no qos acl-assign 1 port 1/195500config#no qos ip-acl Changing ACLIP Security Features Dhcp Snooping ConfigurationDynamic ARP Inspection Configuration Dhcp SnoopingIP Source Guard Configuration IP Source GuardBpdu Filtering Configuration Bpdu FilteringQoS Applications Number of Classifiers Used Feature QoS Interface ApplicationsConfiguration Example ARP SpoofingDhcp Attacks Dhcp Snooping10.3 DoS Bpdu Blocking Configuration Steps Policy Configuration Role CombinationERS5500-48T#show qos if-assign ERS5500-48T#show qos if-groupERS5500-48Tconfig#qos ip-element 1-64000? ClassificationAdding IP and L2 Element IP ElementAdding a Classifier Adding a Classifier BlockMeters Parameters and variables DescriptionAdd a New Policy Pre-defined Values Configuration ExamplesQoS Action Configuration Example 1 Traffic Meter Using Policies 12.2.1 ERS5500 Configuration Using PoliciesConfigure the Interface Role Combination Configure the IP elementsConfigure the Classifier Block Configure MetersERS5500 Create the classifier block Configure the Policy Verify OperationsERS5500 Create the policy Verify the Role CombinationVerify Classifier and Classifier Block Configuration Name m1ERS5500-24T#show qos classifier-block Verify Policy Configuration Verify that the QoS Policy 12.3.1 ERS5500 Configuration IP ACL, Dhcp Snooping, ARP Inspection, and Source GuardERS5500 Add IP address to Vlan 700 and enable Ospf ERS5500 Enable ARP-Inspection for VLAN’s 110 ERS5500 Assign the IP-ACL’s to ports Verify DHCP-SnoopingVerify ARP Inspection VIDVerify ACL Configuration Verify IP Source GuardNN48500-559 NN48500-559 ERS5500-24T#show qos acl-assign Configuration Example 3 Port Range Using ACL or Policy TCP Port RangeConfigure the Policies Configuration Using PoliciesERS5500 Create IP elements for UDP port range Configuration Using IP-ACL’s ERS5500 Remark all other traffic to Bronze12.5.1 ERS5500 Configuration Using Policies Create PolicyERS5500 Pass all other traffic with standard CoS 12.5.2 ERS5500 Configuration Using IP-ACL’sERS5500 Assign the L2-ACL’s to ports Configuration Example 5 L2 and L3 Classification 12.6.1 ERS5500 Configuration Using PoliciesConfigure Classifier and Classifier Blocks ERS5500 Add L2 elements for Vlan 11012.7.1 ERS5500 Configuration Dscp Mapping via Un-restricted Port RoleACL Configuration Policy ConfigurationView the Queue Assignments ID IDEnable Shaping on Port Configuration Example 7 Interface ShapingVerify Shape Rate Configuration Software Baseline Reference DocumentationContact us